UPDATE 4.1: HackProtect Extension (No Permissions Needed) - Better Emulator Detection

HackProtect v4.1 UPDATE (Emulator Detection) cian1

HackProtect.aix (13.7 KB)


New Features:

  • AmazonStoreInstalled: Returns true if application was installed via Amazon


  • PlayStoreInstalled: Returns true if the application was installed via GooglePlay


  • GetPackagerManagerName: . Gets the name of the Package Manager that installed the app.


  • GetPackageName: Returns the name of the current application package,


  • IsRoSecureRoKernelQemu: This returns true if either the ro.secure or ro.kernel.qemu have been modified, which is a root indicator as the kernel activity may be compromised and viewable.


  • CheckForSuperUserAPK: Returns TRUE if one of 6 known root packages or variants is installed. The name of the package is not returned, so the user does not know which package name to change.


  • CheckForDangerousAPK: Returns TRUE if one of 12 known patching or root emulating packages is installed. The name of the package is not returned, so the user does not know which package name to change.



  • RoSecure process has been deleted and replaced with isRoSecureRoKernelQemu.

  • Added more root detection processes.

  • Disabled super user check, as it is giving strange results on different android versions.

  • Improved and Added Emulator Detection support for: (over 160 different checks)

    • Android Studio
    • Andy
    • Droid4x
    • Generic
    • Genymotion
    • Goldfish
    • MIT
    • Nox
    • TitaniamVM
    • VBox

Some reports that nox support is not working perfect .

  • Updated Descriptions.

  • Updated names.


  • Method to scan for user defined packages

  • Method to scan for certain processes


  • The only way to ensure you have emulator or virtual device detection is by getting the READ_PHONE_STATE, so you can get the Carrier ID, and Phone Number. I decided not to do this because it is a very aggressive permission. If people want this as a separate extension, let me know.

  • Another method is to watch the accelerometer, and make sure that it is moving. Emulators don’t move. If there is enough demand, I will try to add this.


This is not perfect. I know it, and I do not claim it is now, or ever. So if there are bugs be kind, and report them.

Total Blocks (11)

Example Use Case


This light weight extension helps you limit how your users can hack your application. 9 critical elements are detected.

  1. Was the application installed from Amazon
  2. Is ADB Debugging enabled,
  3. Is the application running on an emulator,
  4. Is the device rooted,
  5. Is the app installed from the Google Playstore,
  6. Is a well known Super User APK installed,
  7. Is a well known Patching APK installed,
  8. Name of the package manager that installed the application,
  9. Name of the package of the current app,
  10. Is RO secure, or Ro kernel qemu modified.

(NOX Emulator Bug should be fixed)

When you handle these elements properly, you can shut your app down before people can logcat, or intercept network traffic, thereby protecting things like API credentials, passwords, proxies, etc.


Nice extension


Thank you!


Nice Tool,


Thanks You!

1 Like

Thanks for this good extenstion its very helpful to developers


My pleasure!


nice you made it really, Thanks man this will help us to protect our apps a bit more.


Small But very Useful!


Thanks ! I’ve just searched for an extension like this yesterday, and today, it’s here :slight_smile:


Man, that’s really an amazing extension.
Very simple and at the same time very important at some cases.

Congratulations for the idea!

Don’t care about this guy talking nonsense. He is probably just a troll or he is envious of you.


Hey… You have 17 Likes ! Which speaks for itself that you have done a great job! :ok_hand::+1::+1::+1::+1:


it is amazing! thank you very much!

1 Like

Thank you.

1 Like

Thank you, it will be very useful


Just need to know a think btw as I can’t test it now.
When I use the is rooted component, does it ask for superuser permissions (so the promp appears) or it checks the su file in the /system folder without asking for it like the shell component?
Because it would be very useful if it detects the root status without making the superuser popup appear.

1 Like

Among other things, It checks a variety of places for the SU file.

It does not invoke the shell component

Very nice… I was hoping so.
And what about isSystemUser? I don’t figure out what is it for…
When does it return true?


Well SystemUser on Android is like Root on Unix/Linux. It is supposed to indicate that the application may be running in a manner that has root. I am not sure it is performing as expected after some feedback from others.

It is only an indicator, not decisive.

So it works with these phones that got multi user right?

1 Like